package cn.edu.hrbcu.es.invigilatemanagerment.configuration;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.stereotype.Component;

import java.io.IOException;

@Component
public class MyAccessDeniedHandler implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        // 如果是 AJAX 请求，返回特定的 JSON 响应
        String xhrHeader = request.getHeader("X-Requested-With");
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.getWriter().write("You do not have permission to access this resource.");
        response.getWriter().flush();
    }

}
